config root man

# Embedded server doesn't support external clients
--source include/not_embedded.inc
--source include/windows.inc

# Only run this test if shared memory is avaliable
let $shm= query_get_value("SHOW VARIABLES LIKE 'shared_memory'", Value, 1);
if ($shm != ON){
  skip No shm support;
}
let $shm_name= query_get_value("SHOW GLOBAL VARIABLES LIKE 'shared_memory_base_name'", Value, 1);

let $nmp= query_get_value("SHOW VARIABLES LIKE 'named_pipe'", Value, 1);
if ($nmp != ON){
  skip No named pipe support;
}

CREATE USER 'user_tcp'@'127.0.0.1';
GRANT ALL PRIVILEGES ON *.* TO 'user_tcp'@'127.0.0.1';
CREATE USER 'user_ssl'@'127.0.0.1';
GRANT ALL PRIVILEGES ON *.* TO 'user_ssl'@'127.0.0.1';
CREATE USER 'user_requiressl'@'localhost' REQUIRE SSL;
GRANT ALL PRIVILEGES ON *.* TO 'user_requiressl'@'localhost';

--disable_query_log
connect(pipe_con1,localhost,root,,,,,PIPE);
connection default;
disconnect pipe_con1;
connect(memory_con,localhost,root,,,,$shm_name,SHM);
connection default;
disconnect memory_con;
--enable_query_log

--echo
--echo # Connection type testing for TCP/IP  protocol
--echo
--exec $MYSQL --host=127.0.0.1 --user=user_tcp --ssl-mode=DISABLED --protocol=TCP -e "select 1;"
#
--echo # Testing TCP/IP connections over SSL/TLS
#
--exec $MYSQL --host=127.0.0.1 --user=user_ssl --protocol=TCP --ssl-mode=REQUIRED -e "select 2;"
--echo
--echo # Testing TCP/IP connections over SSL/TLS having user with REQUIRE SSL clause
#
--exec $MYSQL --host=127.0.0.1 --user=user_requiressl --protocol=TCP -e "select 2.5;"
--echo
SET @@global.require_secure_transport = ON;

--disable_query_log
--Error ER_SECURE_TRANSPORT_REQUIRED
connect(pipe_con2,localhost,root,,,,,PIPE);
connection default;
connect(memory_con1,localhost,root,,,,$shm_name,SHM);
connection default;
disconnect memory_con1;
--enable_query_log

--echo
--echo # Connection type testing for TCP/IP protocol, secure transport required.
--echo
--error 1
--exec $MYSQL --host=127.0.0.1 --user=user_tcp --ssl-mode=DISABLED --protocol=TCP -e "select 3;"
#
--echo # Testing TCP/IP connections over SSL/TLS, secure transport required.
#
--exec $MYSQL --host=127.0.0.1 --user=user_ssl --protocol=TCP --ssl-mode=REQUIRED -e "select 4;"
--echo
#
--echo # Testing TCP/IP connections over SSL/TLS with an user created with REQUIRE SSL
#
--exec $MYSQL --host=127.0.0.1 --user=user_requiressl --protocol=TCP -e "select 4.5;"
--echo

--echo # Shutdown server
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc

--echo # Ensure that server does not start and aborts when there is no
--echo # SHM support, --require-secure-transport=on and ssl is disabled
let server_log= $MYSQLTEST_VARDIR/log/mysqld.1.err;
# $server_log has to be processed by include/search_pattern_in_file.inc which
# contains Perl code requiring that the environment variable SEARCH_FILE points
# to this file.
let SEARCH_FILE= $server_log;
--error 1
--exec $MYSQLD_CMD --loose-enable-named-pipe --loose-shared-memory=0 --require-secure-transport=on --skip-ssl --loose-console > $server_log 2>&1
let SEARCH_PATTERN= Server is started with --require-secure-transport=ON but no secure transports;
--source include/search_pattern_in_file.inc
let SEARCH_PATTERN= Aborting;
--source include/search_pattern_in_file.inc

--echo # Now start server normally without ssl support, with MEM and require-secure-transport=on
--exec echo "restart:--loose-enable-named-pipe --loose-shared-memory=1 --shared_memory_base_name=server_inst_sh_mem --require-secure-transport=on --skip-ssl" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc

--echo # Connection type testing for TCP/IP protocol, secure transport required, should fail
--error 1
--exec $MYSQL --host=127.0.0.1 --user=user_tcp --ssl-mode=DISABLED --protocol=TCP -e "select 5;"

--disable_query_log
--Error ER_SECURE_TRANSPORT_REQUIRED
connect(pipe_con3,localhost,root,,,,,PIPE);
connect(memory_con2,localhost,root,,,,server_inst_sh_mem,SHM);
SET @@global.require_secure_transport = Off;
disconnect memory_con2;
--enable_query_log

connection default;
--echo # Rebooting to start without ssl support and require-secure-transport=off, disabled SHM
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart:--loose-enable-named-pipe --loose-shared-memory=0 --require-secure-transport=off --skip-ssl" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc

--echo # Change the dynamic variable from OFF to ON. it should throw error
--error ER_NO_SECURE_TRANSPORTS_CONFIGURED
SET @@global.require_secure_transport = ON;

--echo # TCP/IP connection should succeed
--exec $MYSQL --host=127.0.0.1 --user=user_tcp --protocol=TCP -e "select 6"
connect(pipe_con4,localhost,root,,,,,PIPE);
disconnect pipe_con4;
--disable_query_log
--error 2038
connect(memory_con3,localhost,root,,,,$shm_name,SHM);
--enable_query_log

connection default;
--echo # Rebooting to start ssl support and require-secure-transport=off, disabled with SHM
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart:--loose-enable-named-pipe --loose-shared-memory=0 --require-secure-transport=off" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc

--echo # Change the dynamic variable from OFF to ON. it should not throw error
SET @@global.require_secure_transport = ON;

--echo # Connection type testing for TCP/IP protocol, secure transport required, should fail.
--error 1
--exec $MYSQL --host=127.0.0.1 --user=user_tcp --ssl-mode=DISABLED --protocol=TCP -e "select 7;"

--echo #Cleanup
connection default;
DROP USER 'user_tcp'@'127.0.0.1', 'user_ssl'@'127.0.0.1';
SET @@global.require_secure_transport = OFF;